Discourse

252 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.16%
  • Published 20.03.2026 22:52:37
  • Last modified 24.03.2026 20:55:18

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an authorization bypass vulnerability in hidden Solved topics may allow unauthorized users to accept or unaccept solutions. Versions 2026.3....

  • EPSS 0.28%
  • Published 20.03.2026 03:15:59
  • Last modified 24.03.2026 20:00:25

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a moderator could exploit insufficient authorization checks to access metadata of posts they should not have permission to view. Versions 20...

  • EPSS 0.22%
  • Published 20.03.2026 03:15:59
  • Last modified 24.03.2026 20:11:14

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, a user could access another user's private activity due to insufficient authorization checks in the user actions endpoint. Versions 2026.3.0...

  • EPSS 0.22%
  • Published 20.03.2026 03:15:59
  • Last modified 24.03.2026 20:17:35

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, an authorization bypass in the poll plugin allowed authenticated users to vote on, remove votes from, or toggle the open/closed status of po...

  • EPSS 0.18%
  • Published 20.03.2026 03:15:59
  • Last modified 24.03.2026 20:22:46

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the ComposerController#mentions endpoint reveals hidden group membership to any authenticated user who can message the group. By supplying a...

  • EPSS 0.21%
  • Published 20.03.2026 03:15:58
  • Last modified 24.03.2026 19:59:16

Discourse is an open-source discussion platform. Versions prior to 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 allow a moderator to edit site policy documents (ToS, guidelines, privacy policy) that they are explicitly prohibited from modifying. Version...

  • EPSS 0.21%
  • Published 20.03.2026 03:13:34
  • Last modified 24.03.2026 20:41:00

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, there is an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated user to access metadata about AI personas, f...

  • EPSS 0.28%
  • Published 19.03.2026 22:35:14
  • Last modified 24.03.2026 20:55:00

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, moderators were able to see the first 40 characters of post edits in PMs and private categories. Versions 2026.3.0-latest.1, 2026.2.1, and 2...

  • EPSS 0.23%
  • Published 19.03.2026 22:33:19
  • Last modified 24.03.2026 19:46:59

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the discourse-graphviz plugin contains a stored cross-site scripting (XSS) vulnerability that allows authenticated users to inject malicious...

  • EPSS 0.25%
  • Published 19.03.2026 22:16:42
  • Last modified 24.03.2026 20:41:57

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the `allowed_spam_host_domains` check used `String#end_with?` without domain boundary validation, allowing domains like `attacker-example.co...